PT-2025-2736 · Venki · Venki Supravizio Bpm

Auber R Maroneze

Published

2025-01-13

Updated

2025-10-03

CVE-2024-46480

CVSS v3.1

8.4

High

Vector

AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Venki Supravizio BPM versions up to 18.0.1

Description: The issue is related to an NTLM hash leak, which allows authenticated attackers with Application Administrator access to escalate privileges on the underlying host system. This can be exploited by attackers to gain higher privileges.

Recommendations: For versions up to 18.0.1, update to a version later than 18.0.1 to resolve the issue. As a temporary workaround, consider restricting access to the Application Administrator role to minimize the risk of exploitation.

Exploit

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

CVE-2024-46480

Affected Products

Venki Supravizio Bpm

PT-2025-2736 · Venki · Venki Supravizio Bpm

CVE-2024-46480

Weakness Enumeration

Related Identifiers

Affected Products

References · 9